Halo is a plug-and-drop distributed security observability platform built in Rust. Deploy it on your server and let it seamlessly integrate with your entire infrastructure — NGINX servers, Tailscale nodes, Fortinet firewalls, and more. Think of it as a next-generation Graylog alternative with native support for modern security tools and zero-trust networking.
One console to monitor, visualize, and enforce zero-trust posture across your entire ecosystem.
- 🔌 Plug & Play Deployment — Drop Halo on a server and watch it connect to your infrastructure
- 🛡️ Multi-Source Security Aggregation — CrowdSec, Wazuh, Fortinet firewalls, NGINX logs, and more
- 🌐 Zero-Trust Network Integration — Native Tailscale and Headscale support
- 📊 Advanced Log Management — Modern Graylog alternative with better performance
- 🦀 Built with Rust — High performance, memory-safe, and reliable
- 🔄 Real-Time Telemetry — Prometheus metrics and live event streaming
Async daemon that collects telemetry via WebSocket, Kafka, or REST and exposes a unified /metrics and /events API.
- halo-wazuh — Polls Wazuh REST API for security events
- halo-crowdsec — Subscribes to CrowdSec LAPI stream for threat intelligence
- halo-prom — Prometheus metrics scraper
- halo-nginx — Tails NGINX access/error logs in real-time
- halo-firewall — Monitors Fortinet firewalls and nftables events
- halo-tailscale — Integrates with Tailscale via `tailscale status --json`
- halo-proxmox — Reads Proxmox VE cluster events
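An added example of the work a log collector such as halo-nginx has to do, not code from the Halo repository: the Rust below parses NGINX access-log lines into a normalized event and reports clients with repeated 401/403 responses. `AccessEvent`, `parse_combined` and `auth_failure_sources` are hypothetical names, the input is assumed to be NGINX's default `combined` format, and the sample lines are constructed.

```rust
use std::collections::HashMap;

// Hypothetical normalized event; not Halo's actual schema.
#[derive(Debug, PartialEq)]
pub struct AccessEvent { pub client: String, pub method: String, pub path: String, pub status: u16 }

// Parse one line of NGINX's default "combined" format. Malformed input yields
// None rather than a panic, since log content is attacker-influenced.
pub fn parse_combined(line: &str) -> Option<AccessEvent> {
    let client = line.split(' ').next().filter(|s| !s.is_empty())?;
    // The request is the first quoted field; NGINX's default escaping writes a
    // literal '"' inside it as \x22, so the next '"' really closes the field.
    let start = line.find('"')? + 1;
    let end = start + line[start..].find('"')?;
    let mut req = line[start..end].split(' ');
    // An empty request field (seen on some 400s) still yields an event.
    let method = req.next().unwrap_or("").to_string();
    let path = req.next().unwrap_or("").to_string();
    let status = line[end + 1..].split_whitespace().next()?.parse::<u16>().ok()?;
    Some(AccessEvent { client: client.to_string(), method, path, status })
}

// Clients with at least `threshold` 401/403 responses in the batch, sorted.
pub fn auth_failure_sources(lines: &[&str], threshold: usize) -> Vec<(String, usize)> {
    let mut counts: HashMap<String, usize> = HashMap::new();
    for ev in lines.iter().filter_map(|l| parse_combined(l)) {
        if ev.status == 401 || ev.status == 403 {
            *counts.entry(ev.client).or_insert(0) += 1;
        }
    }
    let mut hits: Vec<_> = counts.into_iter().filter(|(_, n)| *n >= threshold).collect();
    hits.sort();
    hits
}

// Constructed sample lines (documentation address ranges), not real traffic.
pub const SAMPLE: [&str; 5] = [
    r#"203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "POST /login HTTP/1.1" 401 153 "-" "curl/8.5.0""#,
    r#"203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "POST /login HTTP/1.1" 401 153 "-" "curl/8.5.0""#,
    r#"203.0.113.7 - - [10/Oct/2024:13:55:38 +0000] "GET /admin HTTP/1.1" 403 162 "-" "curl/8.5.0""#,
    r#"198.51.100.4 - alice [10/Oct/2024:13:55:39 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0""#,
    r#"198.51.100.9 - - [10/Oct/2024:13:55:40 +0000] "" 400 0 "-" "-""#,
];

fn main() {
    for (client, n) in auth_failure_sources(&SAMPLE, 3) {
        println!("{client}: {n} auth failures");
    }
}
```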
Aggregates and forwards events to:
- Graylog
- Loki
- Elasticsearch
- Custom backends
Modern dashboard built with Tauri + Leptos or React for real-time visualization and control.
```bash
# Clone the repository
git clone https://github.com/yourusername/halo.git
cd halo
# Build with Cargo
cargo build --release
# Run Halo
./target/release/halo
```
Contributions are welcome! Please feel free to submit a Pull Request.
MIT License - see LICENSE file for details